[u r] Promotion 2025-12-09 prod (#7628, PR #7636)

Author: dsotirho-ucsc

.github/ISSUE_TEMPLATE/zap_context_technologies_review.md

@@ -0,0 +1,15 @@
+---
+name: Update the ZAP scan context file
+about: Template for the annual review/update of the web application vulnerability scan (DAST) context file
+title: Update the ZAP scan context file
+labels: -,compliance,infra,no demo,operator
+type: Chore
+_repository: DataBiosphere/azul-private
+_start: 2026-01-01T09:00
+_period: 1 year
+---
+- [ ] Export the `Default Context` provided by ZAP to a temporary file
+- [ ] Compare the exported file with [azul-zap-scan.context](https://github.com/DataBiosphere/azul-private/blob/main/azul-zap-scan.context) and apply any relevant changes to the latter
+- [ ] Open a new PR with the resulting changes, if any
+
+Relevant changes are those that add entries to the `<tech>` element, or that enable additional features. The `<alertFilters>` element should generally be left as is, because it controls what findings we deem false positives.

OPERATOR.rst

@@ -743,24 +743,34 @@ session`_ and run a scan. After your scan has completed and you have generated
 a report, close the ZAP application, and then repeat the steps above to start
 each additional scan with a fresh authentication token.
 
-.. _`create a new session`: #zap-sessions
-
-ZAP Sessions
-""""""""""""
-
-With the ZAP application open, you must start a new session prior to running a
-new scan. Failure to do so can pollute the scan results with the findings from
-the previous scan. A new session is created each time you launch ZAP, or
-alternatively, to manually open a new session, from the app menu bar select
-*File*, and then *New Session*.
-
+.. _`create a new session`: #zap-context-and-sessions
+
+ZAP Context and Sessions
+""""""""""""""""""""""""
+
+With the ZAP application open, and prior to running any scan, start a new
+session and import `azul-zap-scan.context`_ from the azul-private repo.
+Failure to do so will pollute the scan results with known false positives and
+findings from the previous scan. A new session is created each time you launch
+ZAP. Alternatively, to manually open a new session, select *File* from the
+application menu bar, and then select *New Session*.
+
+To import the context file select *File* from the application menu bar, followed
+by *Import Context…* and then proceed to find the `azul-zap-scan.context`_ file
+and click *Open*. Confirm the context is *In Scope* by double-clicking the newly
+imported context and ensuring the checkmark is present in the *In Scope*
+checkbox. After clicking *OK*, a red dot will be shown in the icon next to the
+entry labeled *Azul Context*. Lastly, delete the ``Default Context`` by
+right-clicking it and selecting the *Delete* option.
+˚
 If you are prompted with options to persist the ZAP session, select the *No, I
 do not want to persis this session at this moment in time* option and click
 *Start*.
 
 You may now continue with either a `Data Portal / Browser scan`_ or `Azul
 Indexer / Service API scan`_.
 
+.. _`azul-zap-scan.context`: https://github.com/DataBiosphere/azul-private/blob/main/azul-zap-scan.context
 .. _`Portal / Browser scan`: #running-a-portal-browser-scan
 .. _`Azul Indexer / Service API scan`: #running-an-azul-indexer-service-api-scan
 

UPGRADING.rst

@@ -20,6 +20,15 @@ reverted. This is all fairly informal and loosely defined. Hopefully we won't
 have too many entries in this file.
 
 
+#7543 No mirror-able sources in anvildev/anvilbox
+=================================================
+
+In your AnVIL personal deployments' ``environment.py`` files, update the list of
+sources for the ``anvil`` catalog using the anvilbox deployment's
+``environment.py`` as a model. Redeploy and reindex your deployments after
+updating their configuration.
+
+
 #7571 Add new snapshot to dcp3 on HCA dev
 =========================================
 

deployments/anvilbox/environment.py

@@ -76,7 +76,7 @@ def union(previous_catalog: dict[DatasetName, SourceItem | None],
 anvil_sources = union({}, 3, delta([
     source('e53e74aa', '1000G_2019_Dev_20230609_ANV5_202306121732'),
     source('42c70e6a', 'CCDG_Sample_1_20230228_ANV5_202302281520'),
-    source('97ad270b', 'CMG_Sample_1_20230225_ANV5_202302281509')
+    source('dd576076', 'CMG_Sample_1_20230225_ANV5_202512031111')
 ]))
 
 

deployments/anvildev/environment.py

@@ -74,7 +74,7 @@ def union(previous_catalog: dict[DatasetName, SourceItem | None],
 anvil_sources = union({}, 3, delta([
     source('e53e74aa', '1000G_2019_Dev_20230609_ANV5_202306121732'),
     source('42c70e6a', 'CCDG_Sample_1_20230228_ANV5_202302281520'),
-    source('97ad270b', 'CMG_Sample_1_20230225_ANV5_202302281509')
+    source('dd576076', 'CMG_Sample_1_20230225_ANV5_202512031111')
 ]))
 
 

deployments/prod/environment.py

@@ -1759,6 +1759,14 @@ def union(previous_catalog: dict[DatasetName, SourceItem | None],
     source('bigquery', 'datarepo-bb0a7bc5', 'hca_prod_c7a342eb777e447995ce468f5bbcd893__20251104_dcp2_20251104_dcp55'),
 ]))
 
+dcp56_sources = union(dcp55_sources, 527, delta([
+    source('bigquery', 'datarepo-be20d3ab', 'hca_prod_1662accf0e0c48c493145aba063f2220__20240503_dcp2_20251202_dcp56'),
+    source('bigquery', 'datarepo-acfb8443', 'hca_prod_2079bb2e676e4bbf8c68f9c6459edcbb__20240327_dcp2_20251202_dcp56'),
+    source('bigquery', 'datarepo-37069141', 'hca_prod_4bcc16b57a4745bbb9c0be9d5336df2d__20240327_dcp2_20251202_dcp56'),
+    source('bigquery', 'datarepo-e753ed10', 'hca_prod_76bc0e978cae43d4a647477a13be47f9__20251202_dcp2_20251202_dcp56'),
+    source('bigquery', 'datarepo-91033277', 'hca_prod_9c20a245f2c043ae82c92232ec6b594f__20220212_dcp2_20251202_dcp56'),
+]))
+
 lungmap_sources = union({}, 3, delta([
     source('bigquery', 'datarepo-32f75497', 'lungmap_prod_00f056f273ff43ac97ff69ca10e38c89__20220308_20220308'),
     source('bigquery', 'datarepo-7066459d', 'lungmap_prod_1bdcecde16be420888f478cd2133d11d__20220308_20220308'),
@@ -1871,6 +1879,7 @@ def env() -> Mapping[str, str | None]:
                                        sources=condense(sources))
             for atlas, catalog, sources, mirror_limit, it_mirror_limit in [
                 ('hca', 'dcp55', dcp55_sources, None, int(1.5 * 1024 ** 3)),
+                ('hca', 'dcp56', dcp56_sources, None, int(1.5 * 1024 ** 3)),
                 ('lungmap', 'lm9', lm9_sources, -1, -1)
             ]
             for suffix, is_it in [